A Deeper Look Into The Ashley Madison Hack

Last August, news of the hacking attack on the extramarital affair website, Ashley Madison, made headlines and left in its wake a path of destruction.

The original impact of the incident was quite significant, with a hacking group called “The Impact Team” publicizing over 5 gigs of data stolen from the website. The information was released in three separate leaks, revealing the names of over 37 million user Email addresses, as well as reputation damaging private Emails belonging to Ashley Madison CEO, Noel Biderman.

Attackers chose to target the affair facilitating website out of moral integrity, in protest of the deceitful nature of the service, shaming the users publically and painting the founder and CEO in a negative light.

Ashley Madison CEO Steps Down

Personal and professional Emails obtained by the hackers belonging to Noel Biderman were released as part of the data breach, leaving Biderman in a compromising position. He had always maintained that despite his line of work he was a committed family man, happily married to his wife, and did not partake in extramarital activities. Leaked Emails would leave the impression that this is not true, and he has in fact been involved in several affairs.

When the data breach first occurred, Biderman downplayed the impact of the attack and made several claims implying the hackers were unable to obtain any information and that it was considered to be an inside job. He was left with egg on his face when the Email addresses, as well as his own transgressions, were revealed on the dark web.

The Aftermath

The aftermath of this data breach is quite impactful, and for many people. Not only has Noel Biderman resigned from his position as CEO, leaving the Ashley Madison site to be run by senior management, but many of the users whose information was revealed are also suffering the consequences. Many divorces have stemmed as a result of the leak, and Canadian police are investigating two suicides in connection with the event as well, indicating the impact has been felt far and wide.

Unfortunately for them, many of the sites users were not very careful and used personal and even their professional Email addresses to join the site. The released list even contained a number of .gov addresses, showing common sense is not always so common.

Ashley Madison Drops the Ball

The glorified dating site for those looking outside of their marriages really let their users down. Given the sensitive nature of the websites purpose, and the obvious desire to keep things quiet for site visitors they failed to implement or maintain any sort of security measures that would be within the realm of appropriate.

In addition to inadequate security, the site also had no authentication process for new users signing up, meaning anybody could sign up anyone they wish, needing only their Email to do so. This leaves us wondering how many false profiles really are on the Ashley Madison network, and if some of the Email addresses released were even associated with active members. Perhaps the owners of some of these addresses were not even aware they were registered for the site.

The site promises confidentiality and secrecy with membership, yet failed to provide just that. This is likely to have crippling effects on the Ashley Madison business, and many technology experts are expecting the site to be finished in a short amount of time.

Is Ashley Madison a Fraud?

A deeper look into the Ashley Madison situation shows that security is not the only deception they provide to their members. While the marketing would lead you to believe there are as many women available as there are men on the site, this is not all the case. The ratio is closer to 90% men paying for the service, to 10% women. Even more concerning is that it would appear a large percentage of the female profiles are falsified, meaning there is little to no chance of actually meeting a woman through the site, because quite frankly, there aren’t any there.

Ashley Madison is not the only “dating” site that follows these misleading practices, but should the Federal Trade Commission choose to investigate, it could lead to a world of trouble for the site. Charging men for membership in order to meet women, and then falsifying the female profiles to lure new users in could possibly be perceived as fraud.

To learn more about this incident, and the importance of proper security, reach out to Alvarez Technology Group at (831) 753 -7677 or info@alvareztg.com.